[syslog-ng] Logs rotate and compress but still log to compressed file

Rechtorik, Keith krechtorik at vocollect.com
Tue May 17 14:39:36 CEST 2005 

I am running SUSE 9.1 and I have syslog-ng logging information from our PIX.
After a rotate is done the file is compressed and rotated but syslog-ng
keeps logging to the compressed file instead of the newly created file. Any
help would be greatly appreciated. Here are my conifgs. If you need anymore
information I will gladly send it.

/etc/logrotate.d/syslog

/var/log/pix/voclog {
    rotate 4
    daily
    compress
    delaycompress
postrotate
#    kill -HUP `cat /var/run/syslog-ng.pid`
#     /bin/kill -HUP `cat /var/run/syslog-ng.pid 2> /dev/null` 2> /dev/null
||true
     /etc/init.d/syslog reload
     /etc/init.d/apache2 reload
endscript
}

/etc/syslog-ng/syslog-ng.conf

source src {
        #
        # include internal syslog-ng messages
        # note: the internal() soure is required!
        #
        unix-stream("/dev/log");
        internal();
        tcp();
        udp();
        #
        # the following line will be replaced by the
        # socket list generated by SuSEconfig using
        # variables from /etc/sysconfig/syslog:
        #
        #@SuSEconfig_SOCKETS@
        #
        #
        # uncomment to process log messages from network:
        #
        #udp(ip("0.0.0.0") port(514));
};

#
# filter definitions
#
filter voclog       { facility(local5); };
filter vpnlog       { facility(local7); };

destination voclog { file("/var/log/pix/voclog"); };
log { source(src); filter(voclog); destination(voclog); };

destination vpnlog { file("/var/log/vpnlog"); };
log { source(src); filter(vpnlog); destination(vpnlog); };


Keith Rechtorik
Network Administrator
Information Systems and Technology
krechtorik at vocollect.com

* CONFIDENTIAL, PRIVILEGED COMMUNICATION *
This e-mail transmission is private and intended for the addressee(s) only.
It may contain information that is privileged and/or confidential. If you
have received this transmission in error, you are not authorized to read,
copy, disclose or disseminate it in any manner. If you have received it in
error, please delete it and all copies (including backup copies) that have
been made, and transmit a reply message informing the sender that it was
misdirected.

More information about the syslog-ng mailing list